Vulnerabilities > Apport Project

DATE CVE VULNERABILITY TITLE RISK
2020-04-28 CVE-2019-15790 Improper Privilege Management vulnerability in multiple products
Apport reads and writes information on a crashed process to /proc/pid with elevated privileges.
local
low complexity
apport-project canonical CWE-269
2.1
2020-04-22 CVE-2020-8833 Time-of-check Time-of-use (TOCTOU) Race Condition vulnerability in multiple products
Time-of-check Time-of-use Race Condition vulnerability on crash report ownership change in Apport allows for a possible privilege escalation opportunity.
1.9
2020-04-22 CVE-2020-8831 Link Following vulnerability in multiple products
Apport creates a world writable lock file with root ownership in the world writable /var/lock/apport directory.
local
low complexity
canonical apport-project CWE-59
2.1
2020-02-08 CVE-2019-11485 Sander Bos discovered Apport's lock file was in a world-writable directory which allowed all users to prevent crash handling.
local
low complexity
apport-project canonical
2.1
2020-02-08 CVE-2019-11483 Sander Bos discovered Apport mishandled crash dumps originating from containers.
local
low complexity
apport-project canonical
2.1
2020-02-08 CVE-2019-11482 Time-of-check Time-of-use (TOCTOU) Race Condition vulnerability in multiple products
Sander Bos discovered a time of check to time of use (TOCTTOU) vulnerability in apport that allowed a user to cause core files to be written in arbitrary directories.
1.9
2020-02-08 CVE-2019-11481 Link Following vulnerability in multiple products
Kevin Backhouse discovered that apport would read a user-supplied configuration file with elevated privileges.
local
low complexity
canonical apport-project CWE-59
6.1
2019-08-29 CVE-2019-7307 Race Condition vulnerability in Apport Project Apport
Apport before versions 2.14.1-0ubuntu3.29+esm1, 2.20.1-0ubuntu2.19, 2.20.9-0ubuntu7.7, 2.20.10-0ubuntu27.1, 2.20.11-0ubuntu5 contained a TOCTTOU vulnerability when reading the users ~/.apport-ignore.xml file, which allows a local attacker to replace this file with a symlink to any other file on the system and so cause Apport to include the contents of this other file in the resulting crash report.
4.4
2018-05-31 CVE-2018-6552 Unspecified vulnerability in Apport Project Apport
Apport does not properly handle crashes originating from a PID namespace allowing local users to create certain files as root which an attacker could leverage to perform a denial of service via resource exhaustion, possibly gain root privileges, or escape from containers.
local
low complexity
apport-project canonical
7.2
2018-02-02 CVE-2017-14180 Resource Exhaustion vulnerability in multiple products
Apport 2.13 through 2.20.7 does not properly handle crashes originating from a PID namespace allowing local users to create certain files as root which an attacker could leverage to perform a denial of service via resource exhaustion or possibly gain root privileges, a different vulnerability than CVE-2017-14179.
local
low complexity
apport-project canonical CWE-400
7.2